LOLDocs - Sideloading in Signed Office Files

Explore an innovative approach to phishing through "code side-loading in signed documents" in this 43-minute conference talk from BruCON Security Conference. Delve into the process of identifying vulnerabilities in Microsoft signed Office add-ins, with a focus on the Microsoft Analysis ToolPak Excel add-ins (.XLAM file type). Learn how attackers can exploit these vulnerabilities to embed malicious code without invalidating signatures, creating potential phishing scenarios. Discover the complexities involved in finding, exploiting, and weaponizing this class of vulnerabilities, as well as the challenges in implementing effective mitigations. Gain insights into the ongoing battle between increased security measures and evolving phishing techniques in the realm of Office documents.

07 - BruCON 0x0E - LOLDocs: Sideloading in Signed Office files - Pieter Ceelen & Dima van de Wouw